The present invention relates generally to the field of computer security, and more particularly to dynamic taint tracking and analysis.
Dynamic analysis refers to the ability to monitor codes as they execute, and is a fundamental tool in computer security field. Dynamic analysis can perform precise security analysis based upon run-time information by reasoning about actual executions of codes.
Dynamic taint analysis is a commonly employed dynamic analysis technique in the computer security field. The term “taint” as referred to herein is where malicious users have the ability to execute commands on a host computer or to influence the parameters to those commands. Dynamic taint analysis includes running a program and observing which, if any, computations are affected by predefined taint sources, such as user input. Dynamic taint analysis is also applied in unknown vulnerability detection where dynamic taint analysis looks for the misuse of user input during the execution of an application during run time. For example, dynamic taint analysis is used to prevent code injection attacks by monitoring whether user input is executed. Dynamic taint analysis also applies to malware analysis, where dynamic taint analysis is used to analyze how information flows through a malware binary, explore trigger-based behavior, and detect emulators.